One "seat" covers all. Besides, it doesn't really matter anyway-- it's not
like anyone reallys PAYS for MS software, right???? :-p
t
----- "I'll see your Llama and up you a Badger." John T
http://www.ISAserver.org
OPENOFFICE.ORG
... okay. I know. Sssh.
Oh and by the way I made this pretty expose just to answer Herr Doktor Shinder's question :P
But this makes me wonder actually, how does the Windows licensing applies to VPN connections? More specifically in the per seat context?
-----Message d'origine----- De : Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Envoyé : 18 janvier 2006 11:43 À : [ISAserver.org Discussion List] Objet : [isalist] RE: ISA Licensing
http://www.ISAserver.org
EXCEL
----- "I'll see your Llama and up you a Badger." John T
http://www.ISAserver.org
WORD.
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
-----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, January 18, 2006 9:05 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Licensing
http://www.ISAserver.org
All true, but the point was about "ISA" licensing, which is not in any way shape or form related to CALs.
Let us not confuse one with the other, but rather, bask in the glow that cometh from a judicious application of synapse activity directed toward a soluble conundrum.
Can I get a witness?!?
-------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! --------------------------------------------
-----Original Message----- From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] Sent: Wednesday, January 18, 2006 5:05 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA Licensing
http://www.ISAserver.org
Watch me reply to myself! HUH! YEAH WATCH ME!
Since nobody commented on this, I am bringing it up again to add up a bit to what I said previously. This licensing scheme holds true in Windows 2000, which was in place when I did my MCSE course (never did get the certification though from lack of motivation), but it occurred to me that it was a bit outdated.
In Windows Server 2003, the "Per Seat" licensing mode was changed to "Per Device/Per User" (Per Server remains the same). This means that you either assign the CALs to Users or to Machines. Slightly more granular. So suppose I have the previous ASCII drawing, and have three users in there, I only need three CALs.
This should be a bit more interesting than Per Seat if you have VPN services that auth against an Active Directory.
Whenever I look at Windows licensing, I think "The price for a Kerberos token is high". And then nod in the same way you usually do whenever something gloom, of a nihilistic outcome is enunciated. And then proceed to sip Diet Coke.
-----Message d'origine----- De : Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] Envoyé : 16 janvier 2006 10:19 À : [ISAserver.org Discussion List] Objet : [isalist] RE: ISA Licensing
http://www.ISAserver.org
Well, don't take what I'm saying as cold hard cash, but... This should be a refresher for you MCSAs MCSEs and MCPs.
* Per Seat (which I prefer the split second you have more than one server):
You will need one cal for each device/client that accesses the server (any kind of service). Connections between servers don't count for they are handled by your *server* license. This is the reason.
* Per Server (which I find insanely limiting):
In this scenario, some CALs are associated with a particular server; you enter them in the licensing applet in the control Panel. Purchasing say, 150 CALs will just allow you to connect 150 clients simultaneously.
If you have two servers, and one of them needs to access the other server, that eats one CAL.
So let's make it ASCII (I'm not as cool as Thor in this regard though):
[Server] ----- [Server] / | | \ [Client] [Client] [Client] [Client]
In this scenario, Per set licensing would require 4 CALs, because you have 4 clients accessing server resources, and the CALs are bound to the CLIENTS.
Per Server would require...uh... 10 CALs. Because for each server, you have five devices (let's assume the two servers talk to each other continuously) accessing resources simultaneously and there are two servers, and the CALs are bound to the CONNECTIONS.
I'm not sure about 2000 and 2003, but in the NT4 days, the per-server licensing mode was in fact "per connection" regardless of the device. In theory, it was probably not intended to, but practically that's what it did. Someone printing ate one CAL, the same person accessing the monthly tax report through SMB (or CIFS for those who like to call it that way) ate another.
We had a Citrix Winframe (not metaframe. Winframe. NT 3.5 baby) server acting as the secondary DC that ate every single CAL by opening random RPC connections and never closing them... I think it was just the whole setup malfunctioning and that it was not intended that way.
-----Message d'origine----- De : Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Envoyé : 14 janvier 2006 14:15 À : [ISAserver.org Discussion List] Objet : [isalist] RE: ISA Licensing
http://www.ISAserver.org
That's a good question. I thought per server was for CIFS connections only. ???
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Saturday, January 14, 2006 12:27 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Licensing
>
> http://www.ISAserver.org
>
> Not if it is per server licensing, right?
>
> t
>
> -----
> "I'll see your Llama and up you a Badger."
> John T
>
>
>
> ----- Original Message ----- > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Saturday, January 14, 2006 8:59 AM
> Subject: [isalist] RE: ISA Licensing
>
>
> http://www.ISAserver.org
>
> Hi Joseph,
>
> Why use RADIUS? Isn't the ISA firewall a domain member?
>
> You need CALs for the users at the DC.
>
> If you're using the local SAM on the ISA firewall, then you
need user
> CALs on the ISA firewall, but that's an unusual setup.
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
> > Sent: Friday, January 13, 2006 2:59 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] ISA Licensing
> >
> > http://www.ISAserver.org
> >
> > Jim:
> >
> > No - only authentication is for VPN to > ISA to > RADIUS/DC.
> >
> > Joe
> >
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: Friday, January 13, 2006 3:23 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA Licensing
> >
> > http://www.ISAserver.org
> >
> > Part 2..
> >
> > Does ISA authenticate any other traffic?
> > If so, how are those accounts resolved; via RADIUS or
direct-to-AD?
> >
> >
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> >
> > -----Original Message-----
> > From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
> > Sent: Friday, January 13, 2006 12:03
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] ISA Licensing
> >
> > http://www.ISAserver.org
> >
> > Jim: Very interesting!
> >
> > My ISA is in Workgroup mode and using RADIUS for remote VPN
> connection
> > authentication.
> >
> > So, I assume I only need to count those accounts that
> establish remote
> > VPN connection? Correct?
> >
> > Joe
> > P.S. one beer also goes to Jim.
> >
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: Friday, January 13, 2006 2:58 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA Licensing
> >
> > http://www.ISAserver.org
> >
> > Caveat - Windows still requires a CAL for each user being
> > authenticated
> > by ISA.
> > Don't confuse one with the other or think that ISA
> licensing replaces
> > Windows licensing.
> >
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> >
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
